infrastructure/machines/core-services-01/matterbridge.nix

{ config, pkgs, ... }:
let
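manageSecrets = conf: secrets: output: keys:
  /*
    Build a `preStart` script that renders `conf` into `output` with
    secrets filled in.

    `secrets` is a file of the form "SECRET_1=secret\nSECRET_2=secret".
    For each name in `keys` we look for a line starting with `NAME=`;
    `<secret>` is everything after that first `=` up to the end of the
    line. The first occurrence of `NAME` on each line of `conf` is
    replaced by `<secret>`, and the result is written to `output`.

    `conf`, `secrets` and `output` are spliced into the script unquoted,
    so callers must pass words that are safe for the shell (shell
    variables such as `$CREDENTIALS_DIRECTORY` are expanded at run time).
    `keys` end up inside grep/sed patterns and must be plain identifiers.
  */
  let
    # Fail early when a key has no `KEY=` line. The match is anchored so
    # that a key appearing inside another name or inside a value does not
    # satisfy the check.
    check = key: ''
      if ! grep -q '^${key}=' ${secrets}
      then
        echo "Missing ${key} from secrets"
        exit 1
      fi
    '';
    # Shell command substitution yielding the secret for `key`:
    #   - `-m1` keeps only the first matching line, so a duplicated key
    #     cannot inject a newline into the sed script;
    #   - only the `KEY=` prefix is stripped, so a secret that itself
    #     contains `=` is kept whole;
    #   - the last sed escapes `\`, `/` and `&`, which are special in a
    #     sed replacement.
    get = key: "$(grep -m1 '^${key}=' ${secrets} | sed 's/^[^=]*=//' | sed -e 's/[\\/&]/\\\\&/g')";
    checks = pkgs.lib.concatMapStrings check;
    replaces = pkgs.lib.concatMapStrings (key: "s/${key}/${get key}/;");
  in pkgs.writeShellScriptBin "preStart" ''
    ${checks keys}
    # The rendered file contains secrets: create it readable by the
    # service user only.
    umask 077
    # Feed the sed script through a pipe (printf is a shell builtin)
    # instead of as a command-line argument, so the secret values do not
    # show up in the process list.
    sed -f <(printf '%s\n' "${replaces keys}") ${conf} > ${output}
  '';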
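# Service entry point: render the configuration with the secrets loaded
# by systemd, then run matterbridge on the rendered file.
# `$CREDENTIALS_DIRECTORY` and `$RUNTIME_DIRECTORY` are expanded by the
# shell at run time; they are expected to come from the unit's
# LoadCredential= and RuntimeDirectory= settings.
startScript = pkgs.writeShellScriptBin "start" ''
  # Stop here if the config could not be rendered (for example a missing
  # secret) rather than starting the bridge on an absent or partial file.
  ${manageSecrets
    ./matterbridge.toml "$CREDENTIALS_DIRECTORY/secrets" "$RUNTIME_DIRECTORY/conf.toml"
    [ "SECRET_MATTERMOST_WEBHOOK" ]}/bin/preStart || exit 1
  # exec so that matterbridge replaces the wrapper shell and its exit
  # status is what the service manager sees.
  exec ${pkgs.matterbridge}/bin/matterbridge -conf "$RUNTIME_DIRECTORY/conf.toml"
'';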
in {
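# NOTE(review): this opens TCP 52187 in the host firewall. Presumably it
# is a listener configured in matterbridge.toml (not shown here); confirm
# that it has to be reachable from outside and that it authenticates
# callers.
networking.firewall.allowedTCPPorts = [ 52187 ];
systemd.services.matterbridge = {
  description = "Chat platform bridge";
  wantedBy = [ "multi-user.target" ];
  after = [ "network.target" ];
  serviceConfig = {
    # Run under a transient, unprivileged user allocated by systemd.
    DynamicUser = true;
    # Hand the agenix-managed secrets file to the service as the
    # credential named "secrets"; the start script reads it from
    # $CREDENTIALS_DIRECTORY/secrets.
    LoadCredential = "secrets:${config.age.secrets.matterbridge.path}";
    ExecStart = "${startScript}/bin/start";
    Restart = "always";
    RestartSec = "10";
    # The start script writes conf.toml, which contains the substituted
    # secrets, into this directory.
    RuntimeDirectory = "matterbridge";
    # systemd's documented default mode for runtime directories is 0755;
    # restrict it so that only the service user can reach the rendered
    # configuration.
    RuntimeDirectoryMode = "0700";
  };
};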
}